Economics of cybersecurity and data privacy

As evidenced in the last 10-15 years, cybersecurity is not a purely technical discipline. Decision-makers,
whether sitting at security providers (IT companies), security demanders (everyone using IT) or the security
industry, are mostly driven by economic incentives. Understanding these incentives are vital for designing
systems that are secure in real-life scenarios [1]. Parallel to this, data privacy has also shown the same
characteristics: proper economic incentives and controls are needed
to design systems where sharing data is beneficial to both data subject and data controller. An extreme example to a
flawed attempt at such a design is the Cambridge Analytica case [2].
The prospective student will identify a cybersecurity or data privacy economics problem, and use elements of game
theory and other domain-specific techniques and software tools to
transform the problem into a model and to propose a solution. Potential topics include: